Israeli Companies Targeted With New Pay2Key Ransomware
Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks.
The first attacks were seen in late October; they have since grown in number while remaining confined to Israel.
"As days go by, more of the reported ransomware attacks turn out to be related to the new Pay2Key ransomware," Israeli cyber-security firm Check Point said in a security alert published today.
According to the company, attacks usually happened after midnight, when companies have fewer IT employees at work.
The initial entry point for all intrusions is currently believed to be weakly secured RDP (Remote Desktop Protocol) services.
Access to company networks appears to have been obtained "some time before the attack," but once the ransomware crew begins its intrusion, it usually takes them an hour to spread to the entire network and encrypt files.
To avoid having their activities detected, the Pay2Key operators usually set up a pivot point on the local network, through which they proxy all their communications to reduce their detectable network footprint.
Once the encryption ends, ransom notes are left on the hacked systems, with the Pay2Key gang usually asking for payments of 7 to 9 bitcoins (~$110K-$140K).
Based on current analysis, Check Point said the encryption scheme appears to be solid (using the AES and RSA algorithms), which unfortunately has prevented the company from creating a free decrypter for victims.
Researchers say the ransomware has been created from scratch, with no overlaps with other known ransomware strains, and appears to have been named "Cobalt" during a previous/development phase.
Some sleuthing from the Check Point team has also linked the ransomware to a Keybase account using the same Pay2Key name, registered earlier this year in June, but it is currently unclear who developed the ransomware and why they are targeting only Israeli companies.